package com.swift.authority.application.config.security;

import com.swift.authority.common.constant.CommonConstant;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author Administrator
 * @version 1.0
 * @description 登录放行配置
 * @date 2022/06/25  18:41
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * SpringSecurity默认的密码加密器
     * @return
     */
    @Bean
    public PasswordEncoder getPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }
    /**
     * @description 基本配置
     * @param http 安全认证
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //放行oauth的端点
                .antMatchers("/oauth/**",
                        CommonConstant.OUT_FILE,
                        CommonConstant.PARSE_EXCEL,
                        "/users/file.html")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .permitAll()
                .permitAll()
                .and()
                .csrf();
    }

    /**
     * 2 授权管理器
     * @return AuthenticationManager
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    /**
     * 设置不拦截资源服务器的认证请求
     * 用户注册页面是不需要拦截的
     *
     * @param web web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                CommonConstant.REGISTRY_URI,
                CommonConstant.LOGIN_URI,
                CommonConstant.MENUS_URI
        );
    }
}